691 matches found
ROOT-APP-NPM-CVE-2025-13465 CVE-2025-13465 in @rootio/lodash - Patched by Root
Root has patched CVE-2025-13465 in the @rootio/lodash package for Root:npm. Multiple fixed versions available...
CVE-2026-10046
Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write in the BIOS INT 0x15 / E820 memory map handler (napoca/guests/bios_handlers.c). The handler derives a destination offset into the guest RealModeMemory from guest-controlled ES and EDI without validating the address against t...
CVE-2026-10046
Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios_handlers.c. The handler computes a destination offset into the guest RealModeMemory buffer from guest-controlled ES and EDI...
Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by multiple vulnerabilities in lodash and lodash-es (CVE-2026-2950, CVE-2026-4800)
Summary: Multiple vulnerabilities in the lodash and lodash-es utility libraries (CVE-2026-2950, CVE-2026-4800) used by IBM InfoSphere Optim Archive Viewer have been addressed by upgrading the components to version 4.18.0. Vulnerability Details: CVEID: CVE-2026-2950 DESCRIPTION: Impact: Lodash versions...
Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in Lodash and Lodash-es (CVE-2025-13465)
Summary: A prototype pollution vulnerability in the Lodash and Lodash-es libraries (CVE-2025-13465) used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading to version 4.18.0. Vulnerability Details: CVEID: CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1
A vulnerability was discovered in the Linux kernel before version 6.5.9. This vulnerability could be exploited by local users who have access to MMIO registers through the user space. Incorrect access checks in the #VC handler, along with improper emulation of MMIO accesses using the SEV-ES...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: ext4: fixed the bug in __es_tree_search Hulk Robot reported a BUG: kernel BUG at fs/ext4/extents_status.c:199! ... RIP: 0010:ext4_es_end fs/ext4/extents_status.c:199 [inline] RIP: 0010:__es_tree_search+0x1e0/0x260 fs/ext4/extents_status.c:21...
Astra Linux - vulnerability in linux-5.15
In the Linux kernel before version 6.9, a trusted-to-non-trusted hypervisor can inject Virtual Interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES...
CVE-2026-22166
A web page containing unusual WebGPU content, when loaded into the GPU GLES render process, can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing the graphics workload has system privileges, this could enable subsequent exploit on the...
JLSEC-2026-365
A potential memory leak issue was discovered in SDL2 in the GLES_CreateTexture function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected...
Security Bulletin: Carbon Charts lodash-es Security Vulnerabilities
Summary: Carbon Charts versions prior to 1.27.8 include lodash-es version 4.17.23, which contains two security vulnerabilities: a prototype pollution vulnerability (CVE-2026-2950, CVSS 5.3) in the _.unset and _.omit functions that allows deletion of properties from built-in prototypes, and a critical...
DEBIAN-CVE-2026-31561
In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86_CR4_FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so that whenever something else modifies CR4, that bit remains set. Which in itself is a perfectly fine...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013629)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013629 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in __es_tree_search caused by bad quota inode We got an issue as follows:...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011181)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011181 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in __es_tree_search caused by bad boot loader inode We got an issue as follows:...
RHEL 9 : containernetworking-plugins (RHSA-2026:9109)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:9109 advisory. The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfac...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007561)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007561 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in __es_tree_search caused by bad quota inode We got an issue as follows:...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007516)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007516 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in __es_tree_search caused by bad boot loader inode We got an issue as follows:...
Malicious code in @fairwords/loopback-connector-es (npm)
The @fairwords/loopback-connector-es package was compromised as part of the TeamPCP/CanisterWorm campaign. A postinstall hook executes node scripts/check-env.js || true which performs multi-stage credential harvesting, encrypted exfiltration, and self-propagation. The payload harvests 40+...
CVE-2026-5417 Dataease SQLbot Elasticsearch es_engine.py get_es_data_by_http server-side request forgery
A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function get_es_data_by_http of the file backend/apps/db/es_engine.py of the component Elasticsearch Handler. This manipulation of the argument address causes server-side request forgery. The attack may be initiated...